|CVSS SCORE||10.0, (AV:N/AC:L/Au:N/C:C/I:C/A:C)|
|TREND MICRO CUSTOMER PROTECTION||Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 16778. For further product information on the TippingPoint IPS: http://www.tippingpoint.com|
The specific flaw exists within the development installation. The saveFile.jsp page does not properly check for directory traversal, allowing an attacker to overwrite any file on the system. An attacker could leverage this to execute arbitrary code in the context of SYSTEM.
9/11/2014 - ZDI disclosed report to Visual Mining Technical Support Team.